universit at trier, 2. juni 2012schwicht/slides/trier12.pdf · juni 2012 helmut schwichtenberg...
TRANSCRIPT
Proofs, computations and analysis
Helmut Schwichtenberg
Mathematisches Institut, LMU, Munchen
Universitat Trier, 2. Juni 2012
Helmut Schwichtenberg Proofs, computations and analysis
Formalization and extraction
One can extract from a (constructive) proof of a formula withcomputational content a term that “realizes” (Kleene, Kreisel,Troelstra) the formula. Why should one?
I It can be important to know for sure (and to be able tomachine check) that in a proof nothing has been overlooked.
I The same applies to the algorithm implicit in the proof: evenif the latter is correct, errors may occur in the implementationof the algorithm.
I Even if the algorithm is correctly implemented, for sensitiveapplications customers may (and do) require a formal proofthat the code implementing the algorithm is correct.
Helmut Schwichtenberg Proofs, computations and analysis
Consequences
I The computational content of a proof should be machineextracted from a formalization of this proof.
I The extract should be a term in the underlying language ofthe formal system (here: T+, a common extension of Godel’sT and Plotkin’s PCF).
I A soundness theorem should be formally proved: the extractrealizes the specification (:= the formula being proved).
Helmut Schwichtenberg Proofs, computations and analysis
Computable functionals
I Types: ι | ρ→ σ. Ground types ι: free algebras (e.g., N).
I Functionals seen as limits of finite approximations: ideals(Kreisel, Scott, Ershov).
I Computable functionals are r.e. sets of finite approximations(example: fixed point functional).
I Functionals are partial. Total functionals are defined (byinduction over the types).
Helmut Schwichtenberg Proofs, computations and analysis
Information systems Cρ for partial continuous functionals
I Types ρ, σ, τ : from algebras ι by ρ→ σ.
I Cρ := (Cρ,Conρ,`ρ).
I Tokens a ∈ Cρ (= atomic pieces of information): constructortrees Ca∗1, . . . a
∗n with a∗i a token or ∗. Example: S(S∗).
I Formal neighborhoods U ∈ Conρ: {a1, . . . , an}, consistent.
I Entailment U `ρ a.
Ideals x ∈ |Cρ| (“points”, here: partial continuous functionals):consistent deductively closed sets of tokens.
Helmut Schwichtenberg Proofs, computations and analysis
Flat or non flat algebras?
I Flat:
∅•
•{0}
���•{1}
���
��•{2}
. . .
I Non flat:
•0 • S∗@@@•S0
���• S(S∗)@
@@•S(S0)
���• S(S(S∗))@
@@•S(S(S0))
���
...
Helmut Schwichtenberg Proofs, computations and analysis
Non flat!
I Every constructor C generates an ideal in the function space:rC := { (U,Ca∗) | U ` a∗ }. Associated continuous map:
|rC|(x) = {Ca∗ | ∃U⊆x(U ` a∗) }.
I Constructors are injective and have disjoint ranges:
|rC|(~x ) ⊆ |rC|(~y )↔ ~x ⊆ ~y ,|rC1 |(~x ) ∩ |rC2 |(~y ) = ∅.
I Both properties are false for flat information systems (forthem, by monotonicity, constructors need to be strict).
|rC|(∅, y) = ∅ = |rC|(x , ∅),|rC1 |(∅) = ∅ = |rC2 |(∅).
Helmut Schwichtenberg Proofs, computations and analysis
A theory of computable functionals, TCF
I A variant of HAω.
I Variables range over arbitrary partial continuous functionals.
I Constants for (partial) computable functionals, defined byequations.
I Inductively and coinductively defined predicates. Totality forground types inductively defined.
I Induction := elimination (or least-fixed-point) axiom for atotality predicate.
I Coinduction := greatest-fixed-point for a coinductively definedpredicate.
I Minimal logic: →,∀ only. = (Leibniz), ∃, ∨, ∧ (Martin-Lof)inductively defined.
I ⊥ := (False = True). Ex-falso-quodlibet: ⊥ → A provable.
I Classical logic as a fragment: ∃xA defined by ¬∀x¬A.
Helmut Schwichtenberg Proofs, computations and analysis
Realizability interpretation
I Define a formula t r A, for A a formula and t a term in T+.
I Soundness theorem:If M proves A, then et(M) r A can be proved.
I Decorations (→c,∀c and →nc, ∀nc) for removal of abstractdata, and fine-tuning:
t r (A→c B) := ∀x(x r A → tx r B),
t r (A→nc B) := ∀x(x r A → t r B),
t r (∀cxA) := ∀x(tx r A),
t r (∀ncx A) := ∀x(t r A).
Helmut Schwichtenberg Proofs, computations and analysis
Example: decorating the existential quantifier
I ∃xA is inductively defined by the clause
∀x(A→ ∃xA)
with least-fixed-point axiom
∃xA→ ∀x(A→ P)→ P.
I Decoration leads to variants ∃d, ∃l,∃r,∃u (d for “double”,l for “left”, r for “right” and u for “uniform”).
∀cx(A→c ∃dxA),
∀cx(A→nc ∃lxA),
∀ncx (A→c ∃rxA),
∀ncx (A→nc ∃uxA),
∃dxA→c ∀cx(A→c P)→c P,
∃lxA→c ∀cx(A→nc P)→c P,
∃rxA→c ∀ncx (A→c P)→c P,
∃uxA→nc ∀ncx (A→nc P)→c P.
Helmut Schwichtenberg Proofs, computations and analysis
Example: Supremum of an order located set of reals
I A real y is a supremum of a set S of reals if
∀x∈S(x ≤ y),
∀a<y∃x∈S(a ≤ x).
I S is order located (above) if
∀a,b;a<b
(∀x∈S(x ≤ b) ∨ ∃x∈S(a ≤ x)
).
Theorem (LUB)
Assume that S is an inhabited set of reals that is bounded above.Then S has a supremum iff it is order located.
Helmut Schwichtenberg Proofs, computations and analysis
S order located → S has a supremum
I ΠS(a, b): both y ≤ b for all y ∈ S and a < x for some x ∈ S .
I By assumption: a, b ∈ Q with a < b such that ΠS(a, b).
I Construct (cn)n and (dn)n (rationals) such that for all n
a = c0 ≤ c1 ≤ · · · ≤ cn < dn ≤ · · · ≤ d1 ≤ d0 = b, (1)
ΠS(cn, dn), (2)
dn − cn ≤ (2/3)n(b − a). (3)
I Step: Have c0, . . . , cn and d0, . . . , dn such that (1)-(3).
I Let c = cn + 13(dn − cn) and d = cn + 2
3(dn − cn).
I Since S is order located, either ∀y∈S(y ≤ d) or ∃x∈S(c < x).
I In the first case let cn+1 := cn and dn+1 := d , and in thesecond case let cn+1 := c and dn+1 := dn.
I (1)-(3) hold for n + 1, and the real x = y given by the Cauchysequences (cn)n and (dn)n is the least upper bound of S .
Helmut Schwichtenberg Proofs, computations and analysis
Nonnegative and k-positive reals
I A real number x is a pair ((an)n∈N,M) with an ∈ Q andM : N→ N such that (an)n is a Cauchy sequence withmodulus M, that is
|an − am| ≤ 2−k for n,m ≥ M(k).
I A real x := ((an)n,M) is nonnegative (x ∈ R0+) if
−2−k ≤ aM(k) for all k ∈ N.
It is k-positive (x ∈k R+) if
2−k ≤ aM(k+1).
I (x ≤ y) := (y − x ∈ R0+).
I (x < y) := ∃k(x ∈k R+).
Helmut Schwichtenberg Proofs, computations and analysis
Formalization
∀y0∈S∀b0( S inhabited
∀x∈S(x ≤ b0) b0 upper bound of S
→ ∀a,b;a<b(∀x∈S(x ≤ b) ∨ ∃x∈S(a ≤ x)) S order located
→ ∃y (∀x∈S(x ≤ y) ∧ ∀a<y∃x∈S(a ≤ x)).
The type of a witness depends on the type τ of a witness for theformula defining S (example: Z for S := { x | x2 < 2 }):
R→ τ → Q S inhabited, bound b0 given
→ (Q→ Q→ U + R× τ) S order located
→ R× (Q→ Z→ R× τ).
For a witness disregarding τ we “decorate” logical connectives:
Helmut Schwichtenberg Proofs, computations and analysis
Decoration
∀y0(y0 ∈ S →nc ∀b0(
∀x∈S(x ≤ b0)
→ ∀a,b;a<b(∀x∈S(x ≤ b) ∨ ∃lx(x ∈ S ∧ a ≤ x))
→ ∃y (∀x∈S(x ≤ y) ∧ ∀a(a < y → ∃lx(x ∈ S ∧ a ≤ x))))).
The type of a witness now is as desired
R→ Q S inhabited, bound b0 given
→ (Q→ Q→ U + R) S order located
→ R× (Q→ Z→ R).
Helmut Schwichtenberg Proofs, computations and analysis
Example: average of two reals
Berger and Seisenberger (2009, 2010).
I Extraction from a proof dealing with abstract reals.
I Proof involving coinduction of the proposition that any tworeals in [−1, 1] have their average in the same interval.
I B & S informally extract a Haskell program from this proof,which works with stream representations of reals.
Aim here: discuss formalization of the proof, and machineextraction of its computational content.
Helmut Schwichtenberg Proofs, computations and analysis
Free algebra J of intervals
I SD := {−1, 0, 1} signed digits (or {L,M,R}).
I J free algebra of intervals. Constructors
I the interval [−1, 1],
C : SD→ J→ J left, middle, right half.
I C1I denotes [0, 1].
I C0I denotes [−12 ,
12 ].
I C0(C−1I) denotes [−12 , 0].
Cd0(Cd1 . . . (Cdk−1I) . . . ) denotes the interval in [−1, 1] whose reals
have a signed digit representation starting with d0d1 . . . dk−1.
I We consider ideals x ∈ |CJ|.
Helmut Schwichtenberg Proofs, computations and analysis
Total and cototal ideals of base type
Generally:
I Cototal ideals x : every token (i.e., constructor tree) P(∗) ∈ xhas a “�1-successor” P(C~∗ ) ∈ x .
I Total ideals: the cototal ones with �1 well-founded.
Examples:
I Total ideals of J:
I i
2k,k := [
i
2k− 1
2k,
i
2k+
1
2k] for −2k < i < 2k .
I Cototal ideals of J: reals in [−1, 1], in (non-unique) streamrepresentation using signed digits −1, 0, 1.
Helmut Schwichtenberg Proofs, computations and analysis
Inductive and coinductive definitions
I Inductively define a set I of (abstract) reals, by the clauses
I 0, ∀ncx ∀d(Ix → I
x + d
2
).
Witnesses are intervals (total ideals in J).
I Coinductively define coI , by the (single) clause
∀ncx(coIx → x = 0 ∨ ∃ry∃d(x =
y + d
2∧ coIy)
).
Witnesses are streams of signed digits (cototal ideals in J).
I From a formalized proof of ∀ncx ,y (coIx → coIy → coI x+y2 ) extract
a stream transformer, of type J→ J→ J.
Helmut Schwichtenberg Proofs, computations and analysis
Arbitrary or fixed moduli
Reals:
I ((an)n,M) Cauchy sequence plus modulus, or
I finite or infinite list of signed digits −1, 0, 1.
(Uniformly) continuous function:
I (hf , αf , ωf ) approximating function, uniform modulus ofCauchyness plus modulus of uniform continuity, or
I possibly non well-founded labelled (with lists of signed digits−1, 0, 1) ternary tree.
Helmut Schwichtenberg Proofs, computations and analysis
Continuous functions
I Increment function f + : L(SD)→ L(SD).
I From f + we obtain f : L(SD)→ L(SD) by
f [] = f +[],
f (d :: a) = f +(d :: a) ∗ f (a).
I Example x+d2 :
f +[] = d ,
f +(d :: a) = d .
I Example −x :
f +[] = [],
f +(d :: a) = −d .
Helmut Schwichtenberg Proofs, computations and analysis
Conclusion
I Decoration (→nc, ∀nc, ∃l etc.) needed to extract reasonableprograms from proofs.
I Cototal ideals (type 0) to represent reals (as streams).
I Extract stream transformers from coinductive proofs.
I Work in progress (Kenji Miyamoto): continuous functions aspossibly non well-founded labelled ternary trees (labels: listsof signed digits −1, 0, 1). Extract programs from coinductiveproofs (e.g., composition).
Helmut Schwichtenberg Proofs, computations and analysis
References
I U. Berger, From coinductive proofs to exact real arithmetic.CSL 2009.
I U. Berger, K. Miyamoto, H.S. and M. Seisenberger, Theinteractive proof system Minlog. Calco-Tools 2011.
I H.S., Realizability interpretation of proofs in constructiveanalysis. Theory of Computing Systems, 2008.
I H.S. and S.S. Wainer, Proofs and Computations. Perspectivesin Logic, ASL & Cambridge UP, 2012.
Helmut Schwichtenberg Proofs, computations and analysis